Blog

Popular Fitness Site Endures A Customer Information Breach

According to a recent statement by the company behind the site, the breach occurred in February, 2019 and had its origins in a phishing email the company received back in July of 2018.

A detailed account of the incident was published on the company's help center and contained most of the elements we've come to expect when things like this happen:

The company is very sorry that it happened

"Certain" customer/member information may have been compromised

The company has been working with law enforcement and has brought in a third party to assist with the forensic investigation, which is ongoing

The company also stressed that while partial payment account numbers were compromised, no full debit or credit card information was at risk. That is because the site only stores the last four digits of payment cards if and when a given user opted to have the data stored by the website.

Again in keeping with the common response to incidents like these, Bodybuilding.com reported that in exercising an abundance of caution, they are force-resetting all user passwords. If it's been a while since you've logged on, just be aware that the next time you do, you'll be prompted to change your password.

As to the specific data that was compromised, according to the latest information posted by the company, the following information was accessed by unknown third parties:

User name

The email address you used to sign up for the service

Your billing and/or shipping address

Your phone number

Your order history

Your birthday

Any correspondence that may have occurred between you and the site administrators

Any other information you included in your profile

As ever, if you're using the same password on this site that you use on some other, be sure to change both immediately. Try hard to break the habit of using the same password across multiple web properties.